UpGuard Release Notes

The Vendor Relationship Questionnaire streamlines the process for capturing all relevant  information when onboarding a new vendor, and the new Vendor Portfolios ensures easier categorization and vendor management in addition to the already existing labels and vendor tiering features.

Both of these features have been released to our beta customers ahead of the full release. Please talk to your Technical Account Manager or contact support@upguard.com to find out how to join our beta program to gain early access to these features.

Vendor Relationship Questionnaire

Streamline collaboration within your organization when onboarding a new vendor with the Vendor Relationship Questionnaire. This feature enables you to gather and store key information from the people managing the vendor relationship, allowing you to simplify the overall risk assessment process.

For help with setting up and using your Vendor Relationship Questionnaire you can visit How to use vendor relationship questionnaires.

Vendor Portfolios

You can now efficiently group monitored organizations into seperate lists using the portfolios feature. Portfolios allow you to limit access so that individual users within your team only see the vendors relevant to them. Once setup, this feature allows you to:

• Easily filter, view and report the performance of  individual portfolios
• Maintain and report on separate vendor portfolios for different departments or groups within your organization
• Manage permissions so that users only have access to the portfolios and vendors they need.

For help with setting up and using Vendor Portfolios you can visit How to use portfolios to segment your vendors.

Other improvements

• This release includes a number of bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

We’ve made it easier to quickly find questionnaires, with upgrades to the existing ‘Search Questionnaires’ functionality. 

This includes the ability to search by:

• Vendor name
• Sender name
• Questionnaire name
• Questionnaire type

You can also apply ‘vendor name’ as a filter, in addition to tier, label and score.  For help sending a security questionnaire to your vendors, you can visit ‘How to send security questionnaires in UpGuard Vendor Risk’.

Other improvements

• Added a 'Remediation' flag to the questionnaire API output 
• Other bug fixes

You now have the flexibility to send tailored notifications to any email address, including other domains, recipients who are not UpGuard users, and group addresses such as security@mycompany.com.

Building the right notification process is critical when securing your company and customer data. By setting up an email integration, this allows you: 

• The flexibility to automatically notify any email address when a specific event occurs, such as when a new domain or IP is added to your company for verification by the IT department.
• The ability to customize the messaging for each notification, to provide the required context and information.

For help setting up an email integration, check out 'How to create an email integration in UpGuard'.

Request remediation on shared profile questionnaires

Creating a shared profile is a great way to proactively share your organization’s security posture and related documentation with current and prospective vendors to expedite the assessment process. Now, when you have been provided access to a questionnaire through a shared profile, you can request remediation of these risks directly. For more information, see 'How to remediate risks from shared questionnaires'.

Other improvements

• This release includes a number of bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

One of the key reasons why many organizations look to UpGuard is to reduce the time it takes to perform and document a vendor risk assessment. With remediation requests within the risk assessment, you can now send remediation requests, track the progress of each item under remediation and have a record of the remediation request embedded directly in a point-in-time risk assessment. For help, please see  ‘How to complete a risk assessment’.

Other improvements

• This release includes a number of bug fixes

Stay up to date with your organization’s attack surface changes with the new BreachSight email digest. You’ll receive a monthly email outlining any changes to your security rating, information about any risks added or resolved, updates to IPs and domains as well as a quick way to review and resolve any associated risks. You can enable/disable this feature in the Manage Notifications section on your home page or from the link within the email itself.

Other improvements

• Add and remove custom domains/IPs using the public API
• Add descriptions to files uploaded to questionnaires
• Bug fixes

Jira Cloud Integration

You can now send issues directly into your Jira Cloud project from UpGuard with our native Jira Cloud integration. Most Jira issue field types are supported and can be automated based on the content of a notification, providing robust customization options. For example, you could set up this integration to assign a Jira issue to a specific person whenever we detect a new vulnerability among your web assets. Check out this article to learn how to set up the Jira Cloud Integration. 

Essential Eight Questionnaire

The Australian Cyber Security Center (ACSC) developed the Essential Eight in 2017 to protect Microsoft Windows-based internet-connected networks. While the Essential Eight may be applied to cloud services, enterprise mobility, or other operating systems, it was not primarily designed for such purposes. Alternative mitigation strategies may be more appropriate to mitigate unique cyber threats to these environments. 

This iteration of the UpGuard Essential Eight Questionnaire will assess your vendors thoroughly across all eight mitigation strategies and provide the risks identified and scoring out of 950 (as our other questionnaires operate). We understand that the Essential Eight is typically based on maturity ratings which we may explore in future iterations of this questionnaire.

The Essential Eight Questionnaire can be used in conjunction with UpGuard's Anatomy of a Cloud questionnaire to analyze organizations’ cloud computing environments further.

Other improvements

• You can now amend/edit remediation requests.
• Bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

Send a questionnaire to multiple vendors at once

Sending a questionnaire to multiple vendors previously required you to repeat the questionnaire sending process for each vendor. Now we have streamlined this process, enabling you to easily send many questionnaires at once by selecting multiple vendors within the one workflow. This is particularly useful when a broad impact vulnerability such as Solarwinds or Log4j is discovered and you need to quickly assess your Tier 1 vendors to determine the risk exposure of your organization.

For more information on sending questionnaires, visit our knowledge base article ‘How to send security questionnaires in UpGuard’.

Other improvements

• Bug fixes

Until now, only automatically discovered fourth parties were able to be viewed in our Fourth Parties feature. Now corporate+ customers can map out fourth party vendors as you become aware of them, and optionally add corresponding information about the specific products being utilized. For more information, see the knowledge base article ‘How to add a fourth party vendor in UpGuard’

Other improvements

• Performance improvements for the vendor portfolio risk profile.
• Bug fixes

Learn about new features, changes, and improvements to UpGuard this month.